Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Use python without install it.

0 views
Skip to first unread message

Bertrand Geston

unread,
Jul 31, 2002, 11:58:15 AM7/31/02
to
Hi,

Does somebody know if it is possible to use python on a computer under Linux
on that it's not allowed to install it for security reasons (server in
production) ?
The purpose is to have some shell scripts written in Python to make some
maintenance tasks. Those scripts are launched manually.

Run it from a CD rom ? How ?
Special user ? is it really secure ?
Other idea ?

TIA.

B.


holger krekel

unread,
Jul 31, 2002, 2:13:42 PM7/31/02
to

I *guess* this is more a political than a technical issue.

Manually launching maintenance scripts doesn't look like
a big problem so far. but that completly depends on your
circumstances.

Could you be a bit more specific of which kind of security
do you want?

holger

Chris Liechti

unread,
Jul 31, 2002, 2:37:46 PM7/31/02
to
"Bertrand Geston" <berg...@yahoo.fr> wrote in
news:ai917o$12j0d8$1...@ID-135695.news.dfncis.de:
> Does somebody know if it is possible to use python on a computer under
> Linux on that it's not allowed to install it for security reasons
> (server in production) ?
> The purpose is to have some shell scripts written in Python to make
> some maintenance tasks. Those scripts are launched manually.

McMillan's Installer http://www.mcmillan-inc.com/install1.html
has linux support.
Freeze should work too, but i think that's not that easy to use.



> Run it from a CD rom ? How ?

i have never tried that, but once you have an executable it should be
possible.

> Special user ? is it really secure ?

it is as secure as any other executable. as python has advanced error
handling, it's in fact more secure than say an average C program (less risk
for a core dump etc.)

> Other idea ?

try to convince the admin of that machine. python is _very_ stable. your
scripts will be better maintainable in python as well as faster developed.
that should be enough resons to install it and save money ;-)

chris

--
Chris <clie...@gmx.net>

Cliff Wells

unread,
Jul 31, 2002, 2:21:27 PM7/31/02
to
On Wed, 2002-07-31 at 08:58, Bertrand Geston wrote:
> Hi,
>
> Does somebody know if it is possible to use python on a computer under Linux
> on that it's not allowed to install it for security reasons (server in
> production) ?

Why would installing Python be a security risk? If someone were able to
get enough access to the server that they could run an installed copy of
Python, I'm guessing they'd be able to install their own if it weren't
already there.

Or are you simply hoping the added inconvenience of the installation
(after hours/days of hacking a Linux box) will dissuade them? ;)

> The purpose is to have some shell scripts written in Python to make some
> maintenance tasks. Those scripts are launched manually.
>
> Run it from a CD rom ? How ?
> Special user ? is it really secure ?
> Other idea ?
>
> TIA.
>
> B.
>
>

> --
> http://mail.python.org/mailman/listinfo/python-list
--
Cliff Wells, Software Engineer
Logiplex Corporation (www.logiplex.net)
(503) 978-6726 x308 (800) 735-0555 x308


Markku Hänninen

unread,
Aug 4, 2002, 5:36:16 PM8/4/02
to
Chris Liechti <clie...@gmx.net> writes:

> "Bertrand Geston" <berg...@yahoo.fr> wrote in
> news:ai917o$12j0d8$1...@ID-135695.news.dfncis.de:
> > Does somebody know if it is possible to use python on a computer under
> > Linux on that it's not allowed to install it for security reasons
> > (server in production) ?
> > The purpose is to have some shell scripts written in Python to make
> > some maintenance tasks. Those scripts are launched manually.
>
> McMillan's Installer http://www.mcmillan-inc.com/install1.html
> has linux support.
> Freeze should work too, but i think that's not that easy to use.

I have created a tool for software installation purposes which is basically a
single-file python interpreter using freeze. The reason for this is, that
installation shell-scripts grow far too complicated and hard to maintain but
we can't rely on having python in the customers machines (and having python
installation in our installation procedure would be too complicated and
could propaby lead into "political" issues described above).

This is the freezed script:

#!/usr/bin/env python
#
# (C) 2002 Markku Hänninen (h...@iki.fi)
#

# add here all python-modules that are used in the scripts
# which are run with this utility
import sys, os

# if we have arguments, assume that the first argument is a python program
# and the rest are arguments for it, otherwise run the interactive interpreter
sys.argv=sys.argv[1:]
if len(sys.argv):
execfile(sys.argv[0])
else:
code.interact()


Creating the tool:

1. link python statically

2. check that you have added all the needed modules to the script

3. run freeze for the script

You can then run your programs by running "spython <program>" assuming that
you use the same name for the script as I did, spython (for static python).

I have created a short description of this at:
http://www.iki.fi/~hmm/python/spython.html

The problem with this is of course that the programs run with this are limited
to the module-set defined before freezing. However, that's not so much of a
problem if you know that all of them will be also produced by you. (And if
you're using this for installation, you can then make a python-program that
installs full python for you :-)

I also recently tried using McMillan's installer instead of freeze and it
seemed to work slightly better (I could include xml.dom to the interpreter,
which with freeze seems a bit difficult). With that you can also omit
static linking of python (but I rather stick to it, as I don't like the
dynamic libraries appearing to the directory at runtime).


> try to convince the admin of that machine. python is _very_ stable. your
> scripts will be better maintainable in python as well as faster developed.
> that should be enough resons to install it and save money ;-)

It usually seems to be very hard to require customers install any additional
software, it seems to be better to include everything as part of your
"product".


--
Markku Hänninen /
h...@iki.fi / "Actually it works, it just doesn't look that way."

Kiril Karaatanasov

unread,
Aug 5, 2002, 4:56:13 AM8/5/02
to
"Bertrand Geston" <berg...@yahoo.fr> wrote in message news:<ai917o$12j0d8$1...@ID-135695.news.dfncis.de>...

> Hi,
>
> Does somebody know if it is possible to use python on a computer under Linux
> on that it's not allowed to install it for security reasons (server in
> production) ?

One ususaly does not need to have python in /bin /usr/bin or other
peculiar location. One may have it in their own home directory say
/export/home/Geston.
All files may have read/exec right solely for their user etc. Of
course you can have the whole Pytohn thing on a CD. All you need to
know is where python is and have enough permissions to execute it.

> The purpose is to have some shell scripts written in Python to make some
> maintenance tasks. Those scripts are launched manually.

I would again assume those script run as special user may be even
root. There is no problem to prvent read/execute rights for any other
users. Note that removing only execute does not always solve the
problem thus prevent reading as well.

>
> Run it from a CD rom ? How ?

Just have the python root ont the CD :o)

> Special user ? is it really secure ?

You could have the special user.

There are tow aspects to your question
1. Is python stable enough, so it does not crash in such a way that
this allows another user to gain more priviledge then supposed to.

The answer about Python is it is quite stable probably more stable
then most other software. However your scripts may not be :o)

2. Is it secure to have Python on the machine?
Well Pytohn is merely a script language interpreter. Who has acces to
it and how is something you determine. Do you have shell interpreter,
perl etc.? A script interpreter is far easier to secure then a web
server and much more reliable. Moreover it will only be accessible to
people with shell accounts on a production server I would not grant
many shell accounts.

> Other idea ?

No. However I would avoid putting customized Python distros or
recompiled using some tool versions for the reason this may have some
security implications.
>
> TIA.
>
> B.

Steve Holden

unread,
Aug 5, 2002, 7:41:15 AM8/5/02
to
Kiril Karaatanasov" <karaat...@hotmail.com> wrote in message
news:71a1c515.02080...@posting.google.com...

> "Bertrand Geston" <berg...@yahoo.fr> wrote in message
news:<ai917o$12j0d8$1...@ID-135695.news.dfncis.de>...
[...]

> > Run it from a CD rom ? How ?
>
> Just have the python root ont the CD :o)
>
You should realise that this will be slower than a disk-based Python because
the interpreter will be unable to create the .pyc files which it normally
creates to avoid unnecessary recompilation. (Plus, of course, CDs are slower
than disks).
[...]

regards
-----------------------------------------------------------------------
Steve Holden http://www.holdenweb.com/
Python Web Programming http://pydish.holdenweb.com/pwp/
-----------------------------------------------------------------------


"

0 new messages